关联漏洞
标题:D-Link DNS-320 命令注入漏洞 (CVE-2024-3273)Description:D-Link DNS-320是中国友讯(D-Link)公司的一款NAS(网络附属存储)设备。 D-Link DNS-320L存在命令注入漏洞,该漏洞源于文件/cgi-bin/nas_sharing.cgi存在命令注入漏洞。受影响的产品和版本:D-Link DNS-320L,DNS-325,DNS-327,DNS-340L,D-Link NAS Storage。
介绍
# CVE-2024-3273 - D-Link Remote Code Execution (RCE) :boom:
A critical vulnerability, classified as CVE-2024-3273, was discovered in several D-Link NAS devices, including DNS-320L, DNS-325, DNS-327L, and DNS-340L, up to the date of 20240403. This vulnerability affects an unknown function of the file `/cgi-bin/nas_sharing.cgi` in the component HTTP GET Request Handler. It allows for command injection through manipulation of the system argument, posing a significant security risk. The exploit can be initiated remotely, making it particularly dangerous.
## Affected Devices :warning:
The following D-Link NAS devices are affected:
- DNS-320L
- DNS-325
- DNS-327L
- DNS-340L
## Vulnerability Details :information_source:
- Component: HTTP GET Request Handler
- File: `/cgi-bin/nas_sharing.cgi`
- Vulnerability Type: Command Injection
- Remote Exploit: Yes
- Vulnerability Identifier: VDB-259284
## Disclaimer :warning:
I am not responsible for any misuse of this Proof of Concept (PoC) exploit. It is your responsibility to use this tool in a legal and ethical manner.
文件快照
[4.0K] /data/pocs/0173dfc777c99b0c6c190b611742c48031710e38
├── [4.6K] CVE-2024-3273.py
├── [1.1K] README.md
└── [ 60] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →